I'm attempting to make a POST request to an external API (sending it some JSON based on input from a form). It's got custom headers, so it needs to make a preflighted CORS request, which is where I'm having an issue:
Access to fetch at '[the api url]' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. [...]
My question is: why is the origin 'null'?
If I'm understanding CORS correctly, the CORS issue itself might need to be resolved on the API's end by allowing access to their resource from the origin
<my site>.retool.com, but right now it seems like the origin is
Does anyone have a sense of what's going on here, or know the best place to start debugging?